Sparkasse ATMs out of service due to network problems

On 09.25.2015, several branches of the Sparkasse savings bank experienced service disruptions. A technical fault at the Finanz Informatik data center in Fellbach near Stuttgart caused ATMs and bank account statement printers in Rhineland-Palatinate, Baden-Wuerttemberg, Bremen and Saarland to malfunction. It was not possible to withdraw cash. An inconceivable scenario for many people. To everyone's relief, it appears that there were no criminal attacks or data losses. Apparently, the malfunction was caused by routing problems. The update to eliminate the fault on Friday afternoon was not followed up by any detailed technical explanations. The savings bank did not respond to the angry customers, who let off steam on twitter. What went wrong?

The customer must always stay informed!

Especially if highly sensitive data is concerned, as was the case here. Not only were the savings bank customers not able to withdraw cash, there was also no-one who could say for sure that this had not been a criminal attack. Transparency should be a given in any case scenario, especially when people fear for their savings.

The first notice appeared on Facebook at 04:12 a.m. and on Twitter at 04:23 a.m. After about two hours, the public was informed that the faults had been eliminated and that their data was not at risk. According to Internet reports, it took until Sunday evening in some parts of Germany to remove all of the faults.

The same had happened a week earlier at VR Bank Rhein-Neckar eG. According to Facebook, a technical fault occurred in the time between 12:16 a.m. and 06:55 a.m. In between there were no updates. In spite of the fast response time, customers still want to be informed of such occurrences.

Two computer center failures at two different banks within a single week. Is this mere coincidence or are there any underlying factors causing an unstable network?

Concerns about outdated operating systems

In 2014, there was a wave of concerns regarding the operating system Windows XP, which is used by 95 % of all ATMS worldwide. Windows XP was released at the end of 2001, making it quite outdated. Support should have ended in April 2014, but was contractually extended for ATMS.

Opinions on this matter are divided. The main concern being security flaws caused by missing updates. According to the German banking industry, the outdated operating system does not pose a security risk because the ATMs are not connected to the public Internet like in the UK or the US. But who can guarantee that the German ATMs will always be operated in a separate network?

The majority of banks have ignored the problem for many years and are now faced with expensive maintenance contracts. The ending of the support was announced seven years prior. This gives rise to the question of whether a conversion of the ATMs or a replacement would not have been more cost-effective.

Last year the banks were considering a changeover to Linux. This would have included all of the necessary security measures. But no changeover was made.

The distinguishing marks of a modern and secure data center

A data center must fulfil certain conditions to meet the high security requirements:

1. Certification of the data center
2. Management of the IT infrastructure through modern monitoring systems / round-the-clock video surveillance
3. Fire alarm systems, early fire detection systems and smoke detectors
4. Certification for the structural and technical security
5. Locational advantage Germany: Validity of the German Data Protection Law
6. Optimum air conditioning through cooling circuits, climate chambers and a fail-safe cooling infrastructure
7. Maximum system stability through the use of a double and uninterruptible power supply
8. Stable network infrastructure
9. Transparency of the provider

Have you ever thought about visiting the data center of your provider? How would he react?

In the context of our example, good customer service should include a changeover to a secure software if the current version of the software poses a security risk. No-one wants to be at a supermarket checkout and realize that his EC card is not working properly or that he cannot withdraw cash from an ATM shortly before going on holiday.

Basically, even if all safety precautions have been taken and high quality machines are used: It is still a matter of trust. If the customer feels ill-advised or feels he is not being taken seriously or even cheated, the resulting damages are often beyond repair. The highest priority is always the customer.